Windows Server 2008 Thread, GPO not applying to organisation unit in Active Directory in Technical; Hi,
I've just configured and set up a brand new Windows 2008 Server. It's going to be our first AD ...
21st June 2011, 01:56 PM #1
GPO not applying to organisation unit in Active Directory
I've just configured and set up a brand new Windows 2008 Server. It's going to be our first AD server.
I've created a couple of test users, and I can logon to a laptop using their username / password, in the newly created domain.
I've created a organisation unit (called student) and moved the users into that OU.
I've then created a GPO, linked it to that OU and setup some test settings (prevent access to Control Panel / hide recycle bin etc etc).
However, when I logon on to the laptop, using a username that is definitely inside that OU, the Group Policy is never applied. I've tried rebooting everything, forcing Group Policy Updates, creating a new GPO from scratch, creating a new user, but nothing works.
Since I am effecitvely following a test lesson from the Fundamentals of Win Server 2008 course that I did a few weeks ago, I cannot see what I am doing wrong. Perhaps there is something else that is not setup correctly that I've forgotten, because everything else seems fine.
IDG Tech News
21st June 2011, 02:01 PM #2
do any settings from other policies apply (try making a obvious but minor change to default domain policy see what happens)
also worth running rsop.msc see what policies it thinks it should apply
21st June 2011, 02:24 PM #3
Ah. No, made a minor change to the default domain policy and this hasn't been applied.
Any ideas what this might indicate?
21st June 2011, 02:56 PM #4
- Rep Power
1) I'm guessing you have not blocked Inheritance inheritance anywhere in your structure?
2) Have you filtered the GPO to only to certain users\groups
3) Have you filtered to apply to a particular WMI service?
4) Have you made sure that the policy settings you have made are under User Configuration and not Computer Configuration?
5) Have you made sure the User Configuration is enabled?
6) Check the Group policy ordering, to make sure your policy applies last (top of the list)
when you run a GPRESULT /R does it tell your your policy should be applying?
Also I assume you are operating all in 1 domain? otherwise you might need to consider loopback
21st June 2011, 03:06 PM #5
I have had similar problems and tracked it down to media sense.
Have a look at - How to disable the Media Sensing feature for TCP/IP in Windows
It can be weird and affect som machines and not others
21st June 2011, 03:07 PM #6
Are you clients DNS settings pointing to your DC?
21st June 2011, 03:09 PM #7
21st June 2011, 03:32 PM #8
Thanks FN-GN - That's the one. The laptop was not pointing to this server as the DNS. Seems to work ok now. Cheers everyone for all your positive and thoughtful suggestions.
21st June 2011, 05:42 PM #9
Not a problem, you will probably find the machines will run faster now as well during login and startup.
Originally Posted by swpmre
22nd June 2011, 11:01 AM #10
Nice one FN-GM, was just about to reply with that and saw you beat me to it .
Rule one of Windows AD Domains (check the DNS). Dependant is not the word... Absolutely required so things don't die horibly is more like it. I would say after an install 30% of all problems are DNS related . Also i can't wait to implement IPv6 (*sarcisum*) you just know thats going to completed screw with my DNS for no reason at all
By erfanos in forum Windows
Last Post: 18th May 2011, 07:26 AM
By steveo2000 in forum Windows Server 2000/2003
Last Post: 19th May 2010, 09:50 AM
By PLR in forum Windows Server 2000/2003
Last Post: 20th February 2009, 04:16 PM
Last Post: 31st January 2008, 12:17 PM
By tosca925 in forum How do you do....it?
Last Post: 24th January 2006, 11:38 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread